From 09b342a9d3aa030bde6d52e39203b9b8c8e6b106 Mon Sep 17 00:00:00 2001
From: Michal Simek <michal.simek@amd.com>
Date: Tue, 14 Feb 2023 13:10:29 +0100
Subject: [PATCH] fix(zynqmp): check smc_fid 23:16 bits

23:16 bits when they gets to SMC handler should be all zeros but be
inside SIP Service Calls range which is defined as 0x82000000-0x8200ffff
or 0xc2000000-0xc200ffff. That's why make sure that code won't handle
any SMCs in SIP range out of predefined range. Because EM SMC is out of
this range already on this SOC check it after it (EMC SMC will be
handled separately).
Also fix MASK values to check the same range for PM/IPI/EM calls to make
sure that masking covers all required bits including 23:16. Bits 15:12
are used for different class of requests.

Change-Id: If23ac769c91d206e47758aeaa1f14e8b9c3dc7bb
Signed-off-by: Michal Simek <michal.simek@amd.com>
---
 plat/xilinx/zynqmp/sip_svc_setup.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/plat/xilinx/zynqmp/sip_svc_setup.c b/plat/xilinx/zynqmp/sip_svc_setup.c
index e21073660..ae401a4ef 100644
--- a/plat/xilinx/zynqmp/sip_svc_setup.c
+++ b/plat/xilinx/zynqmp/sip_svc_setup.c
@@ -6,6 +6,8 @@
 
 /* Top level SMC handler for SiP calls. Dispatch PM calls to PM SMC handler. */
 
+#include <inttypes.h>
+
 #include <common/runtime_svc.h>
 #include <tools_share/uuid.h>
 
@@ -22,14 +24,14 @@
 #define SIP_SVC_VERSION_MINOR	1
 
 /* These macros are used to identify PM, IPI calls from the SMC function ID */
-#define PM_FID_MASK	0xf000u
+#define SIP_FID_MASK	GENMASK(23, 16)
+#define XLNX_FID_MASK	GENMASK(23, 12)
 #define PM_FID_VALUE	0u
 #define IPI_FID_VALUE	0x1000u
-#define EM_FID_MASK     0xf0000u
 #define EM_FID_VALUE    0xE0000u
-#define is_em_fid(_fid) (((_fid) & EM_FID_MASK) == EM_FID_VALUE)
-#define is_pm_fid(_fid) (((_fid) & PM_FID_MASK) == PM_FID_VALUE)
-#define is_ipi_fid(_fid) (((_fid) & PM_FID_MASK) == IPI_FID_VALUE)
+#define is_em_fid(_fid) (((_fid) & XLNX_FID_MASK) == EM_FID_VALUE)
+#define is_pm_fid(_fid) (((_fid) & XLNX_FID_MASK) == PM_FID_VALUE)
+#define is_ipi_fid(_fid) (((_fid) & XLNX_FID_MASK) == IPI_FID_VALUE)
 
 /* SiP Service UUID */
 DEFINE_SVC_UUID2(zynqmp_sip_uuid,
@@ -62,12 +64,20 @@ static uintptr_t sip_svc_smc_handler(uint32_t smc_fid,
 			      void *handle,
 			      u_register_t flags)
 {
+	VERBOSE("SMCID: 0x%08x, x1: 0x%016" PRIx64 ", x2: 0x%016" PRIx64 ", x3: 0x%016" PRIx64 ", x4: 0x%016" PRIx64 "\n",
+		smc_fid, x1, x2, x3, x4);
+
 	/* Let EM SMC handler deal with EM-related requests */
 	if (is_em_fid(smc_fid)) {
 		return em_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
 					flags);
 	}
 
+	if (smc_fid & SIP_FID_MASK) {
+		WARN("SMC out of SiP assinged range: 0x%x\n", smc_fid);
+		SMC_RET1(handle, SMC_UNK);
+	}
+
 	/* Let PM SMC handler deal with PM-related requests */
 	if (is_pm_fid(smc_fid)) {
 		return pm_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
-- 
2.39.5